Now, when I send email from something@example.com with SMTPAUTH me@example.com, the login succeeds but the mail is rejected with message "Sender address rejected not owned by user me@example.com"

I have investigated the configuration and it seems related to postfix option reject_sender_login_mismatch (which is a good thing) and the query stored in /etc/postfix/pgsql/sender_login_maps.cf

The query is:

SELECT mailbox.username FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.domain='%d' AND mailbox.domain=domain.domain AND mailbox.enablesmtp=1 AND mailbox.active=1 AND domain.backupmx=0 AND domain.active=1

In my opinion the query is wrong, as it allows the mailbox owner to send emails only from mailbox.username.

Correct me if I'm wrong but the mailbox owner should be allowed to send email from all aliases pointing to his/her mailbox.

SELECT mailbox.username FROM mailbox,domain WHERE (mailbox.username='%s' OR mailbox.enablesendermismatch = 1) AND mailbox.domain='%d' AND mailbox.domain=domain.domain AND mailbox.enablesmtp=1 AND mailbox.active=1 AND domain.backupmx=0 AND domain.active=1

I also changed reject_sender_login_mismatch to reject_authenticated_sender_login_mismatch.

The meaning:
- if mailbox.enablesendermismatch is 0 (default), it behaves identically to the default iRedMail installation,
- if mailbox.enablesendermismatch is 1, the user is able to send emails from any address in the corresponding domain.

@Zhang: can you please review the solution and comment on it? I also suggest you change the default postfix setup to use reject_authenticated_sender_login_mismatch instead of the too restrictive reject_sender_login_mismatch / the side effect of the default setup is that users cannot send emails using mail servers other than iRedMail. I think it's relatively common that users are using the SMTP of their ISPs (some ISPs even block port 25, so the iRedMail setup is unusable).

Re: reject_sender_login_mismatch and aliases

*) Your solution with SQL structure modification is worse. With "mailbox.username='%s' OR mailbox.enablesendermismatch=1", it can bypass mailbox.username, that means anyone with "mailbox.enablesendermismatch=1" can fake sender address.

*) No plan to use "reject_unauthenticated_sender_login_mismatch" as default value.

I "think/guess" most users just check the "From:" address to see who sent this message, and mail clients (Outlook, Thunderbird, etc) don't show the real sender (shown in mail headers) at all. Consider this situation: all users under your domain can send out emails as another one, even as your boss (use your boss's email address in "From:") ...

Re: reject_sender_login_mismatch and aliases

ZhangHuangbin wrote:

*) Your solution with SQL structure modification is worse. With "mailbox.username='%s' OR mailbox.enablesendermismatch=1", it can bypass mailbox.username, that means anyone with "mailbox.enablesendermismatch=1" can fake sender address.

It was actually the wanted behavior. In the default iRedMail config you cannot send email as any other address than mailbox.username / even if you have the wanted email as an alias of your own mailbox. It sounds to me very limiting and close to wrong (I could imagine different usernames, not in the form of an email address).

This will give the possibility to fake an email address to all authenticated users. It sounds to me far worse than allowing it to some users / on top, my solution allows faking the address only in the same domain.

ZhangHuangbin wrote:

*) No plan to use "reject_unauthenticated_sender_login_mismatch" as default value.

I "think/guess" most users just check the "From:" address to see who sent this message, and mail clients (Outlook, Thunderbird, etc) don't show the real sender (shown in mail headers) at all. Consider this situation: all users under your domain can send out emails as another one, even as your boss (use your boss's email address in "From:") ...

Sure it's not a good thing in general. Thus I try to allow it only for specific users.

The perfect solution would be to allow mailbox.username to send emails as all aliases bound to the mailbox...

Could you point me in the correct direction of how to implement it? I would be glad to implement it and post the results to you. I understand /etc/postfix/pgsql/sender_login_maps.cf does the check between mailbox.username and MAIL FROM. So is there somewhere a list and description of all substitutions done in the query? What's the meaning of '%s' and '%d'?

Re: reject_sender_login_mismatch and aliases

I had the same problem and I changed sender_login_maps.cf to:

SELECT mailbox.username FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.domain='%d' AND mailbox.domain=domain.domain AND mailbox.enablesmtp=1 AND mailbox.active=1 AND domain.backupmx=0 AND domain.active=1 UNION SELECT goto as username FROM alias WHERE alias.address='%s' and alias.domain='%d' and alias.active=1

It checks if there is an alias with that name and if the owner is the same as the authenticated user. It works even when the alias is sending mail to multiple addresses.
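
As an added illustration (not part of any post above, and not iRedMail's or Postfix's code), the three sender_login_maps queries from this thread are run here against a constructed SQLite stand-in for the PostgreSQL tables, to show which SASL login each query accepts for a given MAIL FROM. The table contents and the helper names make_db, owners and allowed are assumptions; '%s' is taken as the full lookup address and '%d' as its domain part, as in Postfix's SQL lookup tables.

```python
import sqlite3

# The three sender_login_maps queries from the thread (Postfix placeholders kept).
DEFAULT = ("SELECT mailbox.username FROM mailbox,domain WHERE mailbox.username='%s' "
           "AND mailbox.domain='%d' AND mailbox.domain=domain.domain "
           "AND mailbox.enablesmtp=1 AND mailbox.active=1 "
           "AND domain.backupmx=0 AND domain.active=1")
FLAG = DEFAULT.replace("mailbox.username='%s'",
                       "(mailbox.username='%s' OR mailbox.enablesendermismatch=1)")
ALIAS = DEFAULT + (" UNION SELECT goto AS username FROM alias WHERE "
                   "alias.address='%s' AND alias.domain='%d' AND alias.active=1")

def make_db():
    """Constructed sample data; only the columns the queries reference."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
      CREATE TABLE domain(domain TEXT, backupmx INT, active INT);
      CREATE TABLE mailbox(username TEXT, domain TEXT, enablesmtp INT,
                           active INT, enablesendermismatch INT);
      CREATE TABLE alias(address TEXT, domain TEXT, goto TEXT, active INT);
      INSERT INTO domain VALUES ('example.com', 0, 1);
      INSERT INTO mailbox VALUES ('me@example.com',   'example.com', 1, 1, 1);
      INSERT INTO mailbox VALUES ('boss@example.com', 'example.com', 1, 1, 0);
      INSERT INTO mailbox VALUES ('temp@example.com', 'example.com', 1, 1, 0);
      INSERT INTO alias VALUES ('something@example.com', 'example.com',
                                'me@example.com', 1);
      INSERT INTO alias VALUES ('sales@example.com', 'example.com',
                                'me@example.com,temp@example.com', 1);
    """)
    return db

def owners(db, query, sender):
    """Logins the map returns for a MAIL FROM address (%s = key, %d = domain)."""
    if "@" not in sender:          # %d cannot expand, so the query yields nothing
        return set()
    # Bind the values instead of pasting them into the SQL text.
    sql = query.replace("'%s'", ":s").replace("'%d'", ":d")
    rows = db.execute(sql, {"s": sender, "d": sender.rsplit("@", 1)[1]})
    # Each result is split on commas/whitespace into login names
    # (assumed to mirror how Postfix reads a multi-address goto value).
    return {n.lower() for (v,) in rows for n in v.replace(",", " ").split()}

def allowed(db, query, sender, login):
    """Owner check only: may this authenticated login use this MAIL FROM?"""
    return login.lower() in owners(db, query, sender)
```

With the flag-based query, every flagged login is returned as an owner of any address in the domain, including boss@example.com and addresses that do not exist; the UNION query returns only the logins an alias actually delivers to.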